Secure identification of components installed in information handling systems

ABSTRACT

Methods and system are provided for validating the secure assembly and delivery of an IHS (Information Handling System). During factory provisioning of the IHS, an inventory certificate is uploaded to the IHS, where the certificate includes an inventory of the hardware components installed during factory assembly of the IHS and also includes validation schemas the provide instructions for identifying hardware components of the IHS. Upon delivery of the assembled IHS, a validation process is initialized and the inventory certificate is retrieved. Based on the instructions set forth by the validation schemas, the validation process collects an inventory of the detected hardware components of the IHS. The instructions of the validation schemas are further used to compare the collected inventory against the inventory from the signed inventory certificate in order to validate the detected hardware components of the IHS as the same hardware components installed during factory assembly of the IHS.

FIELD

The present disclosure relates generally to Information Handling Systems(IHSs), and relates more particularly to IHS security.

BACKGROUND

As the value and use of information continues to increase, individualsand businesses seek additional ways to process and store information.One option available to users is Information Handling Systems (IHSs). AnIHS generally processes, compiles, stores, and/or communicatesinformation or data for business, personal, or other purposes therebyallowing users to take advantage of the value of the information.Because technology and information handling needs and requirements varybetween different users or applications, IHSs may also vary regardingwhat information is handled, how the information is handled, how muchinformation is processed, stored, or communicated, and how quickly andefficiently the information may be processed, stored, or communicated.The variations in IHSs allow for IHSs to be general or configured for aspecific user or specific use such as financial transaction processing,airline reservations, enterprise data storage, or global communications.In addition, IHSs may include a variety of hardware and softwarecomponents that may be configured to process, store, and communicateinformation and may include one or more computer systems, data storagesystems, and networking systems.

Some types of IHSs, such as mobile phones and tablets, are typicallymanufactured in large quantities and with few variations. For instance,for a particular model of mobile phone or tablet, hundreds of thousandsof identical, or nearly identical, devices may be manufactured. Othertypes of IHSs, such as rack-mounted servers, are manufactured in muchsmaller quantities and are frequently manufactured and customizedaccording to specifications provided by a specific customer that hascontracted for the manufacture and delivery of the server. In suchinstances, a customer may specify various hardware and/or softwarecustomizations that configure the server to support specificfunctionality. For example, a customer may contract for manufacture anddelivery of a server that includes security adaptations that will enablethe server to securely process high volumes of financial transactions.However, such security adaptations may be circumvented by maliciousactors by surreptitiously replacing factory installed hardwarecomponents of an IHS. To a certain extent, IHSs that are mass produced,such as tablets, may be similarly compromised by replacement of factoryinstalled hardware components.

SUMMARY

Various embodiments provide methods for validating secure assembly of anIHS (Information Handling System). The methods may include: retrievingan inventory certificate uploaded to the IHS during factory provisioningof the IHS, wherein the inventory certificate includes an inventoryidentifying a plurality of factory installed hardware components of theIHS, and wherein the inventory certificate further includes a pluralityof validation schemas that comprise instructions for identifying thefactory installed hardware components; collecting an inventory ofdetected hardware components of the IHS, wherein the inventory iscollected based on identifications made using the instructions specifiedby the validation schemas included in the inventory certificate; andcomparing the collected inventory against the inventory from theinventory certificate in order to validate the detected hardwarecomponents of the IHS as the same hardware components installed duringfactory assembly of the IHS.

In additional method embodiments, the comparisons are conducted based onthe instructions specified by the validation schemas included in theinventory certificate. In additional method embodiments, theinstructions of the validation schemas specify unique identifiers foruse in the identifications of the factory installed hardware components.In additional method embodiments, the instructions of the validationschemas specify requirements for use in the identifications of thefactory installed hardware components. In additional method embodiments,the inventory certificate is uploaded to a persistent memory of the IHSduring the factory provisioning of the IHS. In additional methodembodiments, the validation schemas are generated for each of thefactory installed hardware components during the factory provisioning ofthe IHS. In additional method embodiments, the validation processconfirms an integrity of the validation schemas prior to using theschemas in collecting an inventory of detected hardware components. Inadditional method embodiments, the integrity of the validation schemasis confirmed based on digital signatures generated by the IHS during thefactory provisioning of the IHS. In additional method embodiments, theinstructions of the validation schemas specify unique identifiers for acombination of two or more hardware components that are collectivelyrequired for validation of the secure assembly of the IHS.

Various embodiments provide, IHSs (Information Handling Systems) mayinclude: a plurality of hardware components, wherein during factoryprovisioning of the IHS an inventory certificate is uploaded to the IHSthat includes an inventory of the factory installed hardware componentsof the IHS and further includes a plurality of validation schemas thatcomprise instructions for identifying the factory installed hardwarecomponents of the IHS, and wherein the hardware components comprise: oneor more processors; and one or more memory devices coupled to theprocessors, the memory devices storing computer-readable instructionsthat, upon execution by the processors, cause a validation process ofthe IHS to: collect an inventory of the plurality of hardware componentsusing the instructions specified by the validation schemas included inthe inventory certificate; and compare the collected inventory againstthe inventory from the inventory certificate in order to validate theplurality of hardware components of the IHS as the same hardwarecomponents installed during factory assembly of the IHS.

In additional IHS embodiments, the comparisons are conducted based onthe instructions specified by the validation schemas included in theinventory certificate. In additional IHS embodiments, the instructionsof the validation schemas specify unique identifiers for use in theidentifications of the factory installed hardware components. Inadditional IHS embodiments, the instructions of the validation schemasspecify requirements for use in the identifications of the factoryinstalled hardware components. In additional IHS embodiments, theinventory certificate is uploaded to a persistent memory of the IHSduring the factory provisioning of the IHS. In additional IHSembodiments, the validation schemas are generated for each of thefactory installed hardware components during the factory provisioning ofthe IHS.

Various additional embodiments provide computer-readable storage devicesstoring instructions for validating secure assembly of an IHS. Executionof the instructions by one or more processors of the IHS causes avalidation process of the IHS to: retrieve an inventory certificateuploaded to the IHS during factory provisioning of the IHS, and whereinthe inventory certificate includes an inventory of factory installedhardware components of the IHS and further includes validation schemasthat comprise instructions for identifying the factory installedhardware components; collect an inventory of detected hardwarecomponents of the IHS based on the instructions specified by thevalidation schemas; and compare the inventory of detected hardwarecomponents against the inventory from the inventory certificate in orderto validate the plurality of detected hardware components of the IHS asthe same hardware components installed during factory assembly of theIHS.

In additional storage device embodiments, the comparisons are conductedbased on the instructions specified by the validation schemas includedin the inventory certificate. In additional storage device embodiments,the instructions of the validation schemas specify unique identifiersfor use in the identifications of the factory installed hardwarecomponents. In additional storage device embodiments, the instructionsof the validation schemas specify requirements for use in theidentifications of the factory installed hardware components. Inadditional storage device embodiments, the validation process comprisesa pre-boot process of the IHS.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention(s) is/are illustrated by way of example and is/arenot limited by the accompanying figures. Elements in the figures areillustrated for simplicity and clarity, and have not necessarily beendrawn to scale.

FIG. 1 is a diagram illustrating certain components of a chassis,according to some embodiments, for supporting secure identification ofhardware components of the chassis.

FIG. 2 is a diagram illustrating certain components of an IHS configuredas a component of a chassis, according to some embodiments, forsupporting secure identification of hardware components of the IHS.

FIG. 3 is a swim lane diagram illustrating certain responsibilities ofcomponents of a system configured according to certain embodiments forfactory provisioning of an IHS in a manner that supports secureidentification of hardware components of the IHS.

FIG. 4 is a flowchart describing certain steps of a method, according tosome embodiments, for assembly and provisioning of an IHS in a mannerthat supports secure identification of hardware components of the IHS.

FIG. 5 is a swim lane diagram illustrating certain responsibilities ofcomponents of an IHS configured according to certain embodiments forsupporting secure identification of hardware components of the IHS.

FIG. 6 is a flowchart describing certain steps of an additional method,according to some embodiments, for supporting secure identification ofhardware components of the IHS.

DETAILED DESCRIPTION

FIG. 1 is a block diagram illustrating certain components of a chassis100 comprising one or more compute sleds 105 a-n and one or more storagesleds 115 a-n that may be configured to implement the systems andmethods described herein for supporting secure identification ofhardware components of the chassis 100. Embodiments of chassis 100 mayinclude a wide variety of different hardware configurations. Suchvariations in hardware configuration may result from chassis 100 beingfactory assembled to include components specified by a customer that hascontracted for manufacture and delivery of chassis 100. As described inadditional detail below, chassis 100 may include capabilities that allowa customer to confirm the validity of the hardware components of thechassis and, in particular, to securely identify the hardware componentsof chassis 100 in order to determine whether each component is a factoryinstalled hardware components, or has been supplied for installation inthe chassis by a trusted entity.

Chassis 100 may include one or more bays that each receive an individualsled (that may be additionally or alternatively referred to as a tray,blade, and/or node), such as compute sleds 105 a-n and storage sleds 115a-n. Chassis 100 may support a variety of different numbers (e.g., 4, 8,16, 32), sizes (e.g., single-width, double-width) and physicalconfigurations of bays. Other embodiments may include additional typesof sleds that provide various types of storage and/or processingcapabilities. Other types of sleds may provide power management andnetworking functions. Sleds may be individually installed and removedfrom the chassis 100, thus allowing the computing and storagecapabilities of a chassis to be reconfigured by swapping the sleds withdifferent types of sleds, in many cases without affecting the operationsof the other sleds installed in the chassis 100.

Multiple chassis 100 may be housed within a rack. Data centers mayutilize large numbers of racks, with various different types of chassisinstalled in the various configurations of racks. The modulararchitecture provided by the sleds, chassis and rack allow for certainresources, such as cooling, power and network bandwidth, to be shared bythe compute sleds 105 a-n and storage sleds 115 a-n, thus providingefficiency improvements and supporting greater computational loads.

Chassis 100 may be installed within a rack structure that provides allor part of the cooling utilized by chassis 100. For airflow cooling, arack may include one or more banks of cooling fans that may be operatedto ventilate heated air from within the chassis 100 that is housedwithin the rack. The chassis 100 may alternatively or additionallyinclude one or more cooling fans 130 that may be similarly operated toventilate heated air from within the sleds 105 a-n, 115 a-n installedwithin the chassis. A rack and a chassis 100 installed within the rackmay utilize various configurations and combinations of cooling fans tocool the sleds 105 a-n, 115 a-n and other components housed withinchassis 100.

The sleds 105 a-n, 115 a-n may be individually coupled to chassis 100via connectors that correspond to the bays provided by the chassis 100and that physically and electrically couple an individual sled to abackplane 160. Chassis backplane 160 may be a printed circuit board thatincludes electrical traces and connectors that are configured to routesignals between the various components of chassis 100 that are connectedto the backplane 160. In various embodiments, backplane 160 may includevarious additional components, such as cables, wires, midplanes,backplanes, connectors, expansion slots, and multiplexers. In certainembodiments, backplane 160 may be a motherboard that includes variouselectronic components installed thereon. Such components installed on amotherboard backplane 160 may include components that implement all orpart of the functions described with regard to the SAS (Serial AttachedSCSI) expander 150, I/O controllers 145, network controller 140 andpower supply unit 135. In some embodiments, a backplane 160 may beuniquely identified based on a code or other identifier that may bepermanently encoded in a non-volatile memory of the backplane 160 by itsmanufacturer. As described below, embodiments may support secureidentification of the backplane 160 installed in chassis 100 in order tovalidate backplane 160 as being the same backplane that was installed atthe factory during the manufacture of chassis 100, or as being areplacement backplane supplied for installation in the chassis 100 by atrusted entity.

In certain embodiments, a compute sled 105 a-n may be an IHS such asdescribed with regard to IHS 200 of FIG. 2. A compute sled 105 a-n mayprovide computational processing resources that may be used to support avariety of e-commerce, multimedia, business and scientific computingapplications, such as services provided via a cloud implementation.Compute sleds 105 a-n are typically configured with hardware andsoftware that provide leading-edge computational capabilities.Accordingly, services provided using such computing capabilities aretypically provided as high-availability systems that operate withminimum downtime. As described in additional detail with regard to FIG.2, compute sleds 105 a-n may be configured for general-purpose computingor may be optimized for specific computing tasks.

As illustrated, each compute sled 105 a-n includes a remote accesscontroller (RAC) 110 a-n. As described in additional detail with regardto FIG. 2, remote access controller 110 a-n provides capabilities forremote monitoring and management of compute sled 105 a-n. In support ofthese monitoring and management functions, remote access controllers 110a-n may utilize both in-band and sideband (i.e., out-of-band)communications with various components of a compute sled 105 a-n andchassis 100. Remote access controllers 110 a-n may collect various typesof sensor data, such as collecting temperature sensor readings that areused in support of airflow cooling of the chassis 100 and the sleds 105a-n, 115 a-n. In addition, each remote access controller 110 a-n mayimplement various monitoring and administrative functions related tocompute sleds 105 a-n that utilize sideband bus connections with variousinternal components of the respective compute sleds 105 a-n.

In some embodiments, each compute sled 105 a-n installed in chassis 100may be uniquely identified based on a code or other identifier that maybe permanently encoded in a non-volatile memory of a respective computesled 105 a-n by its manufacturer. As described below, embodimentssupport validation of each compute sled 105 a-n as being a compute sledthat was installed at the factory during the manufacture of chassis 100.During a provisioning phase of the factory assembly of chassis 100, asigned certificate that specifies hardware components of chassis 100that were installed during its manufacture may be stored in anon-volatile memory accessed by a remote access controller 110 a-n of acompute sled 105 a-n. Also as described below, a signed inventorycertificate may also include validation schemas that includeinstructions that are used to identify hardware components of chassis100. Using these validation schemas from the signed inventorycertificate, a customer may securely identify hardware componentsinstalled in chassis 100 in order to validate that the hardwarecomponents of chassis 100 are the same components that were installed atthe factory during its manufacture, or are components supplied forinstallation in the chassis 100 by a trusted entity.

Each of the compute sleds 105 a-n may include a storage controller 135a-n that may be utilized to access storage drives that are accessiblevia chassis 100. Some of the individual storage controllers 135 a-n mayprovide support for RAID (Redundant Array of Independent Disks)configurations of logical and physical storage drives, such as storagedrives provided by storage sleds 115 a-n. In some embodiments, some orall of the individual storage controllers 135 a-n may be HBAs (Host BusAdapters) that provide more limited capabilities in accessing physicalstorage drives provided via storage sleds 115 a-n and/or via SASexpander 150.

In addition to the data storage capabilities provided by storage sleds115 a-n, chassis 100 may provide access to other storage resources thatmay be installed components of chassis 100 and/or may be installedelsewhere within a rack housing the chassis 100, such as within astorage blade. In certain scenarios, such storage resources 155 may beaccessed via a SAS expander 150 that is coupled to the backplane 160 ofthe chassis 100. The SAS expander 150 may support connections to anumber of JBOD (Just a Bunch Of Disks) storage drives 155 that may beconfigured and managed individually and without implementing dataredundancy across the various drives 155. The additional storageresources 155 may also be at various other locations within a datacenterin which chassis 100 is installed. Such additional storage resources 155may also be remotely located. In some embodiments, a SAS expander 150may be uniquely identified based on a code or other identifier that maybe permanently encoded in a non-volatile memory of the SAS expander 150by its manufacturer. As described below, embodiments may support secureidentification of the SAS expander 150 and storage drives 155 installedin chassis 100 in order to validate SAS expander 150 and storage drives155 as being the same SAS expander and storage drives that wereinstalled at the factory during the manufacture of chassis 100, or asbeing supplied for installation in the chassis 100 by a trusted entity.

As illustrated, chassis 100 also includes one or more storage sleds 115a-n that are coupled to the backplane 160 and installed within one ormore bays of chassis 200 in a similar manner to compute sleds 105 a-n.Each of the individual storage sleds 115 a-n may include variousdifferent numbers and types of storage devices. For instance, storagesleds 115 a-n may include SAS (Serial Attached SCSI) magnetic diskdrives, SATA (Serial Advanced Technology Attachment) magnetic diskdrives, solid-state drives (SSDs) and other types of storage drives invarious combinations. The storage sleds 115 a-n may be utilized invarious storage configurations by the compute sleds 105 a-n that arecoupled to chassis 100. As illustrated, each storage sled 115 a-nincludes a remote access controller (RAC) 120 a-n provides capabilitiesfor remote monitoring and management of respective storage sleds 115a-n. In some embodiments, each storage sled 115 a-n may be uniquelyidentified based on a code or other identifier that may be permanentlyencoded in a non-volatile memory of the respective storage sled 115 a-nby its manufacturer. As described below, embodiments support secureidentification of the storage sleds 115 a-n installed in chassis 100 inorder to validate each storage sled 115 a-n as being a storage sled thatwas installed at the factory during the manufacture of chassis 100, oras being supplied for installation in the chassis 100 by a trustedentity.

As illustrated, the chassis 100 of FIG. 1 includes a network controller140 that provides network access to the sleds 105 a-n, 115 a-n installedwithin the chassis. Network controller 140 may include various switches,adapters, controllers and couplings used to connect chassis 100 to anetwork, either directly or via additional networking components andconnections provided via a rack in which chassis 100 is installed. Insome embodiments, a network controller 140 may be uniquely identifiedbased on a code or other identifier that may be permanently encoded in anon-volatile memory of the network controller 140 by its manufacturer.As described below, embodiments support secure identification of thenetwork controller 140 installed in chassis 100 in order to validatenetwork controller 140 as being the same network controller that wasinstalled at the factory during the manufacture of chassis 100, or asbeing supplied for installation in the chassis 100 by a trusted entity.

Chassis 100 may similarly include a power supply unit 135 that providesthe components of the chassis with various levels of DC power from an ACpower source or from power delivered via a power system provided by arack within which chassis 100 may be installed. In certain embodiments,power supply unit 135 may be implemented within a sled that may providechassis 100 with redundant, hot-swappable power supply units. In someembodiments, a power supply unit 135 may be uniquely identified based ona code or other identifier that may be permanently encoded in anon-volatile memory of the power supply unit 135 by its manufacturer. Asdescribed below, embodiments support secure identification of the powersupply unit 135 installed in chassis 100 in order to validate powersupply unit 135 as being the same power supply unit that was installedat the factory during the manufacture of chassis 100, or as beingsupplied for installation in the chassis 100 by a trusted entity.

Chassis 100 may also include various I/O controllers 140 that maysupport various I/O ports, such as USB ports that may be used to supportkeyboard and mouse inputs and/or video display capabilities. Such I/Ocontrollers 145 may be utilized by the chassis management controller 125to support various KVM (Keyboard, Video and Mouse) 125 a capabilitiesthat provide administrators with the ability to interface with thechassis 100. In some embodiments, each I/O controller 140 may beuniquely identified based on a code or other identifier that may bepermanently encoded in a non-volatile memory of the respective I/Ocontroller 140 by its manufacturer. As described below, embodimentssupport secure identification of the I/O controllers 140 installed inchassis 100 in order to validate I/O controllers 140 as being the sameI/O controllers that were installed at the factory during themanufacture of chassis 100, or as being supplied for installation in thechassis 100 by a trusted entity.

The chassis management controller 125 may also include a storage module125 c that provides capabilities for managing and configuring certainaspects of the storage devices of chassis 100, such as the storagedevices provided within storage sleds 115 a-n and within the JBOD 155.In some embodiments, a chassis management controller 125 may be uniquelyidentified based on a code or other identifier that may be permanentlyencoded in a non-volatile memory of the chassis management controller125 by its manufacturer. As described below, embodiments support secureidentification of the chassis management controller 125 installed inchassis 100 in order to validate chassis management controller 125 asbeing the same chassis management controller that was installed at thefactory during the manufacture of chassis 100, or as being supplied forinstallation in the chassis 100 by a trusted entity.

In addition to providing support for KVM 125 a capabilities foradministering chassis 100, chassis management controller 125 may supportvarious additional functions for sharing the infrastructure resources ofchassis 100. In some scenarios, chassis management controller 125 mayimplement tools for managing the power 135, network bandwidth 140 andairflow cooling 130 that are available via the chassis 100. Asdescribed, the airflow cooling 130 utilized by chassis 100 may includean airflow cooling system that is provided by a rack in which thechassis 100 may be installed and managed by a cooling module 125 b ofthe chassis management controller 125.

For purposes of this disclosure, an IHS may include any instrumentalityor aggregate of instrumentalities operable to compute, calculate,determine, classify, process, transmit, receive, retrieve, originate,switch, store, display, communicate, manifest, detect, record,reproduce, handle, or utilize any form of information, intelligence, ordata for business, scientific, control, or other purposes. For example,an IHS may be a personal computer (e.g., desktop or laptop), tabletcomputer, mobile device (e.g., Personal Digital Assistant (PDA) or smartphone), server (e.g., blade server or rack server), a network storagedevice, or any other suitable device and may vary in size, shape,performance, functionality, and price. An IHS may include Random AccessMemory (RAM), one or more processing resources such as a CentralProcessing Unit (CPU) or hardware or software control logic, Read-OnlyMemory (ROM), and/or other types of nonvolatile memory. Additionalcomponents of an IHS may include one or more disk drives, one or morenetwork ports for communicating with external devices as well as variousI/O devices, such as a keyboard, a mouse, touchscreen, and/or a videodisplay. As described, an IHS may also include one or more busesoperable to transmit communications between the various hardwarecomponents. An example of an IHS is described in more detail below.

FIG. 2 shows an example of an IHS 200 configured to implement systemsand methods described herein for supporting secure identification ofhardware components installed in IHS 200. It should be appreciated thatalthough the embodiments described herein may describe an IHS that is acompute sled or similar computing component that may be deployed withinthe bays of a chassis, other embodiments may be utilized with othertypes of IHSs that may also support validation of the secure assemblyand delivery of the IHS 200. In the illustrative embodiment of FIG. 2,IHS 200 may be a computing component, such as compute sled 105 a-n orother type of server, such as an 1RU server installed within a 2RUchassis, that is configured to share infrastructure resources providedby a chassis 100.

The IHS 200 of FIG. 2 may be a compute sled, such as compute sleds 105a-n of FIG. 1, that may be installed within a chassis, that may in turnbe installed within a rack. Installed in this manner, IHS 200 mayutilize shared power, network and cooling resources provided by thechassis and/or rack. Embodiments of IHS 200 may include a wide varietyof different hardware configurations. Such variations in hardwareconfiguration may result from IHS 200 being factory assembled to includecomponents specified by a customer that has contracted for manufactureand delivery of IHS 200. As described in additional detail below, IHS200 may include capabilities that allow a customer to securely identifyhardware components installed in IHS 200 and to validate that thehardware components of IHS 200 are the same hardware components thatwere installed at the factory during its manufacture, or were suppliedfor installation in the IHS 200 by a trusted entity.

IHS 200 may utilize one or more processors 205. In some embodiments,processors 205 may include a main processor and a co-processor, each ofwhich may include a plurality of processing cores that, in certainscenarios, may each be used to run an instance of a server process. Incertain embodiments, one or all of processor(s) 205 may be graphicsprocessing units (GPUs) in scenarios where IHS 200 has been configuredto support functions such as multimedia services and graphicsapplications. In some embodiments, each of the processors 205 may beuniquely identified based on a code or other identifier that may bepermanently encoded in a respective processor 205 by its manufacturer.As described below, embodiments support secure identification ofprocessors 205 installed in IHS 200 in order to validate processors 205as being the same processors that were installed at the factory duringthe manufacture of IHS 200. In some scenarios, the motherboard of IHS200 on which processors 205 are mounted may be replaced. In suchinstances, embodiments support secure identification of the replacementmotherboard in order to validate the replacement motherboard as beingsupplied for installation in the IHS 200 by a trusted entity.

As illustrated, processor(s) 205 includes an integrated memorycontroller 205 a that may be implemented directly within the circuitryof the processor 205, or the memory controller 205 a may be a separateintegrated circuit that is located on the same die as the processor 205.The memory controller 205 a may be configured to manage the transfer ofdata to and from the system memory 210 of the IHS 205 via a high-speedmemory interface 205 b. The system memory 210 is coupled to processor(s)205 via a memory bus 205 b that provides the processor(s) 205 withhigh-speed memory used in the execution of computer program instructionsby the processor(s) 205. Accordingly, system memory 210 may includememory components, such as static RAM (SRAM), dynamic RAM (DRAM), NANDFlash memory, suitable for supporting high-speed memory operations bythe processor(s) 205. In certain embodiments, system memory 210 maycombine both persistent, non-volatile memory and volatile memory.

In certain embodiments, the system memory 210 may be comprised ofmultiple removable memory modules. The system memory 210 of theillustrated embodiment includes removable memory modules 210 a-n. Eachof the removable memory modules 210 a-n may correspond to a printedcircuit board memory socket that receives a removable memory module 210a-n, such as a DIMM (Dual In-line Memory Module), that can be coupled tothe socket and then decoupled from the socket as needed, such as toupgrade memory capabilities or to replace faulty memory modules. Otherembodiments of IHS system memory 210 may be configured with memorysocket interfaces that correspond to different types of removable memorymodule form factors, such as a Dual In-line Package (DIP) memory, aSingle In-line Pin Package (SIPP) memory, a Single In-line Memory Module(SIMM), and/or a Ball Grid Array (BGA) memory. In some embodiments, eachof the memory modules 210 a-n may be uniquely identified based on a codeor other identifier that may be permanently encoded in a respectivememory module 210 a-n by its manufacturer. As described below,embodiments support secure identification of memory modules 210 a-ninstalled in IHS 200 in order to validate memory modules 210 a-n asbeing the same memory modules that were installed at the factory duringthe manufacture of IHS 200, or as being supplied for installation in theIHS 200 by a trusted entity.

IHS 200 may utilize a chipset that may be implemented by integratedcircuits that are connected to each processor 205. All or portions ofthe chipset may be implemented directly within the integrated circuitryof an individual processor 205. The chipset may provide the processor(s)205 with access to a variety of resources accessible via one or morein-band buses 215. Various embodiments may utilize any number of busesto provide the illustrated pathways served by in-band bus 215. Incertain embodiments, in-band bus 215 may include a PCIe (PCI Express)switch fabric that is accessed via a PCIe root complex. IHS 200 may alsoinclude one or more I/O ports 250, such as PCIe ports, that may be usedto couple the IHS 200 directly to other IHSs, storage resources and/orother peripheral components.

As illustrated, IHS 200 may include one or more FPGA cards 220. Each ofthe FPGA card 220 supported by IHS 200 may include various processingand memory resources, in addition to an FPGA logic unit that may includecircuits that can be reconfigured after deployment of IHS 200 throughprogramming functions supported by the FPGA card 220. Through suchreprogramming of such logic units, each individual FGPA card 220 may beoptimized to perform specific processing tasks, such as specific signalprocessing, security, data mining, and artificial intelligencefunctions, and/or to support specific hardware coupled to IHS 200. Insome embodiments, a single FPGA card 220 may include multiple FPGA logicunits, each of which may be separately programmed to implement differentcomputing operations, such as in computing different operations that arebeing offloaded from processor 205. The FPGA card 220 may also include amanagement controller 220 a that may support interoperation with theremote access controller 255 via a sideband device management bus 275 a.In some embodiments, each of the FPGA cards 220 installed in IHS 200 maybe uniquely identified based on a code or other identifier that may bepermanently encoded in the FPGA card 220 by its manufacturer. Asdescribed below, embodiments may support secure identification of FPGAcards 220 installed in IHS 200 in order to validate FPGA card 220 asbeing the same FPGA card that was installed at the factory during themanufacture of IHS 200, or as being supplied for installation in the IHS200 by a trusted entity.

Processor(s) 205 may also be coupled to a network controller 225 viain-band bus 215, such as provided by a Network Interface Controller(NIC) that allows the IHS 200 to communicate via an external network,such as the Internet or a LAN. In some embodiments, network controller225 may be a replaceable expansion card or adapter that is coupled to amotherboard connector of IHS 200. In some embodiments, networkcontroller 225 may be an integrated component of IHS 200. In someembodiments, network controller 225 may be uniquely identified based ona code or other identifier, such as a MAC address, that may bepermanently encoded in a non-volatile memory of network controller 225by its manufacturer. As described below, embodiments may support secureidentification of network controller 225 installed in IHS 200 in orderto validate network controller 225 as being the same network controllerthat was installed at the factory during the manufacture of IHS 200, oras being supplied for installation in the IHS 200 by a trusted entity.

A variety of additional components may be coupled to processor(s) 205via in-band bus 215. For instance, processor(s) 205 may also be coupledto a power management unit 260 that may interface with the power systemunit 135 of the chassis 100 in which an IHS, such as a compute sled, maybe installed. In certain embodiments, a graphics processor 235 may becomprised within one or more video or graphics cards, or an embeddedcontroller, installed as components of the IHS 200. In certainembodiments, graphics processor 235 may be an integrated component ofthe remote access controller 255 and may be utilized to support thedisplay of diagnostic and administrative interfaces related to IHS 200via display devices that are coupled, either directly or remotely, toremote access controller 255. In some embodiments, components such aspower management unit 260 and graphics processor 235 may also beuniquely identified based on a code or other identifier that may bepermanently encoded in a non-volatile memory of these components bytheir respective manufacturer. As described below, embodiments maysupport secure identification of components installed in IHS 200 inorder to validate these components as being components that wereinstalled at the factory during the manufacture of IHS 200, or as beingsupplied for installation in the IHS 200 by a trusted entity.

In certain embodiments, IHS 200 may operate using a BIOS (BasicInput/Output System) that may be stored in a non-volatile memoryaccessible by the processor(s) 205. The BIOS may provide an abstractionlayer by which the operating system of the IHS 200 interfaces with thehardware components of the IHS. Upon powering or restarting IHS 200,processor(s) 205 may utilize BIOS instructions to initialize and testhardware components coupled to the IHS, including both componentspermanently installed as components of the motherboard of IHS 200 andremovable components installed within various expansion slots supportedby the IHS 200. The BIOS instructions may also load an operating systemfor use by the IHS 200. In certain embodiments, IHS 200 may utilizeUnified Extensible Firmware Interface (UEFI) in addition to or insteadof a BIOS. In certain embodiments, the functions provided by a BIOS maybe implemented, in full or in part, by the remote access controller 255.As described in additional detail below, in some embodiments, BIOS maybe configured to identify hardware components that are detected as beingcurrently installed in IHS 200. In such instances, the BIOS may supportqueries that provide the described unique identifiers that have beenassociated with each of these detected hardware components by theirrespective manufacturers.

In some embodiments, IHS 200 may include a TPM (Trusted Platform Module)that may include various registers, such as platform configurationregisters, and a secure storage, such as an NVRAM (Non-VolatileRandom-Access Memory). The TPM may also include a cryptographicprocessor that supports various cryptographic capabilities. In IHSembodiments that include a TPM, a pre-boot process implemented by theTPM may utilize its cryptographic capabilities to calculate hash valuesthat are based on software and/or firmware instructions utilized bycertain core components of IHS, such as the BIOS and boot loader of IHS200. These calculated hash values may then be compared against referencehash values that were previously stored in a secure non-volatile memoryof the IHS, such as during factory provisioning of IHS 200. In thismanner, a TPM may establish a root of trust that includes corecomponents of IHS 200 that are validated as operating using instructionsthat originate from a trusted source.

As described, IHS 200 may include a remote access controller 255 thatsupports remote management of IHS 200 and of various internal componentsof IHS 200. In certain embodiments, remote access controller 255 mayoperate from a different power plane from the processors 205 and othercomponents of IHS 200, thus allowing the remote access controller 255 tooperate, and management tasks to proceed, while the processing cores ofIHS 200 are powered off. As described, various functions provided by theBIOS, including launching the operating system of the IHS 200, may beimplemented by the remote access controller 255. In some embodiments,the remote access controller 255 may perform various functions to verifythe integrity of the IHS 200 and its hardware components prior toinitialization of the operating system of IHS 200 (i.e., in a bare-metalstate). In some embodiments, certain operations of the remote accesscontroller 225, such as the described inventory certificate generationand validation operations, may operate using validated instructions, andthus within the root of trust of IHS 200.

In some embodiments, remote access controller 255 may be uniquelyidentified based on a code or other identifier that may be permanentlyencoded in a non-volatile memory of the remote access controller 255 byits manufacturer. As described below, embodiments may support secureidentification of remote access controller 255 installed in IHS 200 inorder to validate remote access controller 255 as being the samecontroller that was installed at the factory during the manufacture ofIHS 200. Also as described below, during a provisioning phase of thefactory assembly of IHS 200, a signed certificate may be stored in anon-volatile memory that is accessed by remote access controller 255,where the certificate specifies an inventory of factory installedhardware components of IHS 200 and components supplied for installationin IHS 200 by trusted entities and that also specifies schemas used forsecurely identifying and validating the hardware component of IHS 200.Using this signed inventory certificate stored by the remote accesscontroller 255, a customer may securely identify the hardware componentsinstalled in IHS 200 in order to validate that the detected hardwarecomponents of IHS 200 are the same hardware components that wereinstalled at the factory during manufacture of IHS 200, or as beingsupplied for installation in the IHS 200 by a trusted entity.

In support of the capabilities for validating the detected hardwarecomponents of IHS 200 against the inventory information that isspecified in a signed inventory certificate, remote access controller255 may support various cryptographic capabilities. For instance, remoteaccess controller 255 may include capabilities for key generation suchthat remote access controller may generate keypairs that include apublic key and a corresponding private key. As described in additionaldetail below, using generated keypairs, remote access controller 255 maydigitally sign validation schemas and inventory information collectedduring the factory assembly of IHS 200 such that the integrity of thissigned inventory information may be validated at a later time using thepublic key by a customer that has purchased IHS 200. Using thesecryptographic capabilities of the remote access controller, the factoryinstalled inventory information that is included in an inventorycertificate and the validation schemas may be anchored to a specificremote access controller 255, since the keypair used to sign theinventory information is signed using the private key that is generatedand maintained by the remote access controller 255.

In some embodiment, the cryptographic capabilities of remote accesscontroller 255 may also include safeguards for encrypting any privatekeys that are generated by the remote access controller and furtheranchoring them to components within the root of trust of IHS 200. Forinstance, a remote access controller 255 may include capabilities foraccessing hardware root key (HRK) capabilities of IHS 200, such as forencrypting the private key of the keypair generated by the remote accesscontroller. In some embodiments, the HRK may include a root key that isprogrammed into a fuse bank, or other immutable memory such as one-timeprogrammable registers, during factory provisioning of IHS 200. The rootkey may be provided by a factory certificate authority, such asdescribed below. By encrypting a private key using the hardware root keyof IHS 200, the hardware inventory information and validation schemasthat are signed using this private key is further anchored to the rootof trust of IHS 200. If a root of trust cannot be established throughvalidation of the remote access controller cryptographic functions thatare used to access the hardware root key, the private key used to signinventory information cannot be retrieved. In some embodiments, theprivate key that is encrypted by the remote access controller using theHRK may be stored to a replay protected memory block (RPMB) that isaccessed using security protocols that require all commands accessingthe RPMB to be digitally signed using a symmetric key and that include anonce or other such value that prevents use of commands in replayattacks. Stored to an RPMG, the encrypted private key can only beretrieved by a component within the root of trust of IHS 200, such asthe remote access controller 255.

Remote access controller 255 may include a service processor 255 a, orspecialized microcontroller, that operates management software thatsupports remote monitoring and administration of IHS 200. Remote accesscontroller 255 may be installed on the motherboard of IHS 200 or may becoupled to IHS 200 via an expansion slot provided by the motherboard. Insupport of remote monitoring functions, network adapter 225 c maysupport connections with remote access controller 255 using wired and/orwireless network connections via a variety of network technologies. As anon-limiting example of a remote access controller, the integrated DellRemote Access Controller (iDRAC) from Dell® is embedded within DellPowerEdge™ servers and provides functionality that helps informationtechnology (IT) administrators deploy, update, monitor, and maintainservers remotely.

In some embodiments, remote access controller 255 may support monitoringand administration of various managed devices 220, 225, 230, 280 of anIHS via a sideband bus interface. For instance, messages utilized indevice management may be transmitted using I2C sideband bus connections275 a-d that may be individually established with each of the respectivemanaged devices 220, 225, 230, 280 through the operation of an I2Cmultiplexer 255 d of the remote access controller. As illustrated,certain of the managed devices of IHS 200, such as non-standard hardware220, network controller 225 and storage controller 230, are coupled tothe IHS processor(s) 205 via an in-line bus 215, such as a PCIe rootcomplex, that is separate from the I2C sideband bus connections 275 a-dused for device management. The management functions of the remoteaccess controller 255 may utilize information collected by variousmanaged sensors 280 located within the IHS. For instance, temperaturedata collected by sensors 280 may be utilized by the remote accesscontroller 255 in support of closed-loop airflow cooling of the IHS 200.

In certain embodiments, the service processor 255 a of remote accesscontroller 255 may rely on an I2C co-processor 255 b to implementsideband I2C communications between the remote access controller 255 andmanaged components 220, 225, 230, 280 of the IHS. The I2C co-processor255 b may be a specialized co-processor or micro-controller that isconfigured to interface via a sideband I2C bus interface with themanaged hardware components 220, 225, 230, 280 of IHS. In someembodiments, the I2C co-processor 255 b may be an integrated componentof the service processor 255 a, such as a peripheral system-on-chipfeature that may be provided by the service processor 255 a. Each I2Cbus 275 a-d is illustrated as single line in FIG. 2. However, each I2Cbus 275 a-d may be comprised of a clock line and data line that couplethe remote access controller 255 to I2C endpoints 220 a, 225 a, 230 a,280 a which may be referred to as modular field replaceable units(FRUs).

As illustrated, the I2C co-processor 255 b may interface with theindividual managed devices 220, 225, 230, 280 via individual sidebandI2C buses 275 a-d selected through the operation of an I2C multiplexer255 d. Via switching operations by the I2C multiplexer 255 d, a sidebandbus connection 275 a-d may be established by a direct coupling betweenthe I2C co-processor 255 b and an individual managed device 220, 225,230, 280. In providing sideband management capabilities, the I2Cco-processor 255 b may each interoperate with corresponding endpoint I2Ccontrollers 220 a, 225 a, 230 a, 280 a that implement the I2Ccommunications of the respective managed devices 220, 225, 230. Theendpoint I2C controllers 220 a, 225 a, 230 a, 280 a may be implementedas a dedicated microcontroller for communicating sideband I2C messageswith the remote access controller 255, or endpoint I2C controllers 220a, 225 a, 230 a, 280 a may be integrated SoC functions of a processor ofthe respective managed device endpoints 220, 225, 230, 280.

In various embodiments, an IHS 200 does not include each of thecomponents shown in FIG. 2. In various embodiments, an IHS 200 mayinclude various additional components in addition to those that areshown in FIG. 2. Furthermore, some components that are represented asseparate components in FIG. 2 may in certain embodiments instead beintegrated with other components. For example, in certain embodiments,all or a portion of the functionality provided by the illustratedcomponents may instead be provided by components integrated into the oneor more processor(s) 205 as a systems-on-a-chip.

FIG. 3 is a swim lane diagram illustrating certain responsibilities ofcomponents of a system configured according to certain embodiments forfactory provisioning of an IHS in a manner that supports secureidentification of hardware components of the IHS in order to validatethe hardware components as installed at the factory during manufactureof the IHS, or as being supplied for installation in the IHS by atrusted entity. FIG. 4 is a flowchart describing certain steps of amethod, according to some embodiments, for assembly and provisioning ofan IHS in a manner that supports secure identification of hardwarecomponents of the IHS in order to validate the hardware components asinstalled at the factory during manufacture of the IHS, or as beingsupplied for installation in the IHS by a trusted entity.

Some embodiments of the method of FIG. 4 may begin, at block 405, withthe factory assembly of an IHS, such as the assembly of a serverdescribed with regard to FIGS. 1 and 2. In some instances, an IHS may bemanufactured using a factory process that includes multiple phases ofassembly, validation and provisioning that must be completed before theIHS is shipped to a customer. As described, an IHS such as a server maybe purpose-built for a particular customer such that the server isassembled and provisioned according to specifications provided by thecustomer. The initial factory assembly of such server IHSs may includethe selection of a chassis and the fastening of various hardwarecomponents to the selected chassis. Such a factory assembly process mayinclude generating a manifest that tracks the individual hardwarecomponents that are installed in an IHS. As described above, theinstalled hardware components may include standard components and mayalso include specialized components that have been requested by aspecific customer that has contracted for the assembly and delivery ofan IHS.

Once the assembly of an IHS has been completed, the IHS may be subjectedto manual and automated inspections that confirm the IHS has beenproperly assembled and does not include any defects. After confirming anIHS has been assembled without any manufacturing defects, at block 410,factory provisioning of the IHS may be initiated. In some instances, theprovisioning of an IHS at the factory may include various stages thatmay include stages for loading of firmware, configuring hardwarecomponents, and installing an operating system and other software. Asindicated in FIG. 3, various aspects of this factory provisioningprocess may be conducted using a factory provisioning application, wherethis factory provisioning application may run on one or more serversIHSs, and may interface with an assembled IHS that is being provisionedonce a requisite amount of firmware and software has been installed tothe IHS.

As described, a manifest of the individual hardware components that areinstalled in an IHS may be generated during assembly of the IHS. Such amanifest may be a file that includes an entry for each componentinstalled to an IHS, where the entry may specify various characteristicsof the component, such as model numbers and installation locations, andmay also specify any unique identifiers associated with the component,such as a MAC address or a serial number. At block 415, a manifestgenerated during assembly of an IHS is provided to the factoryprovisioning application that is being used to provision the assembledIHS.

Based on this hardware manifest information, at block 420 and asindicated at 322 of FIG. 3, the factory provisioning application maydetermine validation schemas for hardware components that are includedin the manifest. A validation schema for a hardware component mayspecify characteristics, such as particular serial numbers, modelnumbers, MAC addresses and unique values, by which the component may beidentified. In some embodiments, a validation schema for a hardwarecomponent may also specify procedures by which to identify thecomponent, such as the particular queries for use in retrievingcomponent identifiers. In some instances, a manufacturer of a hardwarecomponent may provide a validation schema for the component. In someinstances, a manufacturer, reseller or entity that supports a hardwarecomponent may provide a validation schema for that component. In someinstances, an entity supporting administration of the IHS in which thecomponent is to be installed may provide a validation schema for acomponent. For instance, a manufacturer of an IHS may provide avalidation schema for a backplane that is installed in an IHS. Invarious other instances, a validation schema may be provided by variousother entities, such as by standards organizations and open sourceorganizations.

Upon receipt of the manifest specifying the factory installed hardwareof an IHS and the validation schemas used to identify some or all ofthese hardware components, the factory provisioning application mayinitiate the generation of an inventory certificate that may be used bya customer that receives the IHS to validate that the detected hardwarecomponents of the IHS are the same hardware components that wereinstalled during the factory assembly of the IHS, or as being suppliedfor installation in the IHS by a trusted entity. As described withregard to FIGS. 1 and 2, an IHS may include a remote access controllerthat provides capabilities for remote management of an IHS, where theseremote management capabilities may include sideband management ofvarious hardware components of an IHS. At block 422, the hardwareinventory of the assembled IHS and the validation schemas may beprovided to the remote access controller in order to initiate a requestfor an inventory certificate for use in validating the hardware of theIHS.

As indicated in FIG. 3, the generation of an inventory certificate for anewly assembled IHS, at 325, may be initiated via a request from thefactory provisioning application 305 to the remote access controller 310of the IHS. As described with regard to FIG. 2, a remote accesscontroller of an IHS may include cryptographic capabilities that operatewithin the root of trust of the IHS and that include the ability togenerate cryptographic keypairs. Utilizing such cryptographiccapabilities, at block 425, the remote access controller 310 initiatesthe generation of an inventory certificate by generating a cryptographickey pair for use in validating the authenticity of hardware componentinventory information that is included in an inventory certificate andthe validation schemas used to identify these components.

At block 430 and at 330, the remote access controller 310 generates acertificate signing request (CSR) for a digital identity certificate,where the request specifies the public key of the key pair generated bythe remote access controller and also specifies the factory installedhardware inventory from the manifest that was generated during assemblyof the IHS and also specifies the validation schemas used to identifythese components. The factory installed hardware inventory informationincluded in the CSR may be signed by the remote access controller usingthe private key from the generated keypair. At block 435 and at 335, theCSR for the requested inventory certificate is transmitted to thefactory provisioning application 305 by the remote access controller310. At block 440, the remote access controller safeguards the privatekey from the generated key pair. In some embodiments, the remote accesscontroller may encrypt the private key using the hardware root key (HRK)of the IHS and may store the encrypted key to a protected memory, suchas the replay protected memory block that is described with regard toFIG. 2.

Upon receiving the certificate signing request from the remote accesscontroller 310, at block 445 and at 340, the factory provisioningapplication 305 submits the CSR for signing by a factory certificateauthority 315. In some embodiments, the factory provisioning application305 specifies a factory key to be used by the factory certificateauthority 315 in signing the inventory certificate. For instance, thefactory provisioning application may include the name of a trustedcertificate associated with a factory key as an attribute of the CSRthat is transmitted to the factory certificate authority 315. Uponreceipt of the CSR, at block 450, the factory certificate authorityparses from the CSR: the hardware inventory information, the validationschemas, the public key generated by the remote access controller andthe information specifying the requested signing key. Based on theinformation parsed from the CSR, the factory certificate authoritygenerates a digital identity certificate, referred to herein as aninventory certificate, that is associated with the public key providedby the remote access controller and that specifies the factory installedhardware inventory of the IHS and the validation schemas used toidentify some or all of the hardware inventory.

As indicated in FIG. 3, at 345, the factory certificate authority 315submits the generated inventory certificate for signing by a hardwaresecurity module 320 that may be a dedicated hardware component of afactory provisioning server that safeguards cryptographic keys andimplements cryptographic functions utilized in the factory provisioningprocess. In some embodiments, the factory certificate authority 315 mayalso specify a certificate name associated with a signing key that ismaintained by the hardware security module 320. At 350, the hardwaresecurity module 320 utilizes the private key associated with thespecified certificate in order to digitally sign the submitted inventorycertificate, which includes the inventory of the factory installedhardware components of the IHS and the validation schemas used toidentify some or all of the hardware components. The signed inventorycertificate is then returned to the factory certificate authority 315 bythe hardware security module 320.

Once the inventory certificate has been signed, at block 460 and at 355,the signed inventory certificate is transmitted from the factorycertificate authority 315 to the factory provisioning application 305.At block 465 and at 360, the signed inventory certificate is than loadedto the assembled IHS. As indicated in FIG. 3, in some embodiments, thesigned inventory certificate may be uploaded to a remote accesscontroller 310 of the assembled IHS, such that the signed inventorycertificate may be stored to a nonvolatile memory or other persistentstorage that is accessible by the remote access controller 310 that isindependent from the operating system of the IHS. In other embodiments,the signed inventory certificate may be uploaded to another non-volatilememory of the IHS without reliance on the remote access controller.

Some embodiments may continue, at 365, with the validation of the signedinventory certificate by the remote access controller 310. Using thepublic key from the generated keypair, at block 475, the remote accesscontroller decrypts the signature included by the remote accesscontroller in the CSR and confirms that the inventory informationincluded in the signed inventory certificate matches the inventoryinformation that was submitted in the certificate signing request andalso confirms the submitted validation schemas match those included inthe certificate, thus validating the integrity of the generation of thesigned inventory certificate. At block 485, the remote access controllerconfirms that the inventory and schemas included in the signed inventorycertificate is valid and, at 370, the remote access controller 310confirms the validity of the inventory certificate with a notificationto the factory provisioning application 305. With the generation andvalidation of the signed inventory certificate completed, additionalfactory provisioning of the assembled IHS may be completed and, at block490, the assembled IHS may be shipped from the factory to a customer.

Once an IHS has been shipped to a customer, modifications may be made tothe hardware components of the IHS. For instance, defective hardwarecomponents may be replaced. Some hardware components may be replaced inorder to provide upgraded capabilities. New hardware components may alsobe added to an IHS in order to provide upgraded capabilities. These newand/or replacement hardware components may be supplied for installationin an IHS by a trusted entity. Embodiments may support capabilities forupdating the inventory information of an inventory certificate that ismaintained by an IHS. In such instances, the updated inventoryinformation of an inventory certificate may thus reflect factoryinstalled hardware components of an IHS and hardware components thatwere supplied for installation in the IHS by a trusted entity.

Upon delivery of the IHS, embodiments provide a customer with thecapability of validating that the delivered IHS includes only hardwarecomponents that were installed at the factory during manufacture of theIHS or were supplied for installation in the IHS by a trusted entity,where the hardware components of the IHS are securely identified usingthe validation schemas that are included the signed inventorycertificate. Accordingly, FIG. 5 is a swim lane diagram illustratingcertain responsibilities of components of an IHS configured according tocertain embodiments for supporting secure identification of hardwarecomponents of the IHS. FIG. 6 is a flowchart describing certain steps ofa method, according to some embodiments, for supporting secureidentification of hardware components of the IHS. Embodiments may begin,at block 605, with the delivery of an IHS to a customer, where the IHShas been assembled and provisioned according to the procedures set forthabove. In particular, the delivered IHS has been provisioned at thefactory to include a signed inventory certificate that specifies thefactory installed hardware components of the IHS and the also specifiesvalidation schemas used to identify some or all of the installedhardware components.

Upon receiving an IHS configured in this manner, at block 610, the IHSmay be unpacked, assembled and initialized by an administrator. In someinstances, an IHS may be ready for immediate deployment by a customer.In other instances, an IHS may require further provisioning by customerbefore it is deployed, such as for operation within a particular datacenter. As such, in various instances, an IHS may be unpacked, assembledand initialized in order to deploy the IHS, or in order to prepare itfor further provisioning. At block 615, the IHS has been powered and ahardware validation process 510 is initialized. In some embodiments,validation process may run within a pre-boot environment, such as a PXE(Preboot eXecution Environment) operating environment. In someembodiments, a PXE operating environment in which a validation processruns may be retrieved from a network location and may thus be executedusing the processing and memory capabilities of the IHS. In someembodiments, a PXE operating environment may be retrieved using secureprotocols, such as HTTPS, in order to assure the integrity of theoperating environment instructions that are utilized. In someembodiments, a pre-boot operating environment in which the validationprocess runs may include an operating environment that is executed bythe remote access controller of the IHS based on validated firmwareinstructions. In these embodiments that utilize a pre-boot operatingenvironment, the validation of the detected hardware components of theIHS is conducted prior to booting of the operating system of the IHS.

In some embodiments, the validation process may run as part of adiagnostic mode that is supported by an IHS. For instance, an IHS maysupport a diagnostic mode that may be initiated by a user or may beinitiated automatically in response to detecting various conditions,where the diagnostic mode may support various diagnostic tools,including the described hardware validation procedures. In someembodiments, the diagnostic mode may involve re-booting the IHS to adiagnostic environment, while other embodiments may support diagnosticmode operations that run within the operating system of the IHS.Accordingly, some embodiments may support the described hardwarevalidation procedures as a feature available within the operating systemof the IHS. In such embodiments, the operating system may be configuredto periodically conduct the described hardware validation procedures,such as on a daily or weekly basis. The operating system may likewise beconfigured to conduct the hardware validation procedures in response toa detected security notification, such as a notification that a processis attempting to access a protected resource. In some embodiments, thedescribed validation procedures may be implemented remotely, such as viathe described HTTPS protocols, where the remote validation proceduresmay rely both on information retrieved from the IHS via HTTPS and onremote information, such as information maintained by the manufacturerof the IHS or by an entity supporting the administration of the IHS.

At block 620 and as indicated at 535 of FIG. 5, an inventory certificatevalidation process 510 is initiated within a validation environment 505that may include the described pre-boot environments, diagnosticenvironments or other environment that may support the validationprocess. In some embodiments, the inventory certificate validationprocess 510 operates based on validated instructions, such as based oninstructions that when used to calculate a hash value are confirmed tocorrespond to a value stored in an immutable memory of the IHS duringits factory provisioning. In this manner, the inventory certificatevalidation process may be added to the root of trust of the IHS. Asdescribed above, the factory provisioning process may include uploadingthe signed inventory certificate to the remote access controller or to apersistent memory of the IHS. At block 625 and as indicated at 540, theinventory certificate validation process 510 retrieves the signedinventory certificate from the remote access controller 525 or from apersistent memory of the IHS. At block 630 and as indicated at 545, theinventory certificate validation process 510 parses the hardwareinventory information from the signed inventory certificate. Using thepublic key provided in the signed inventory certificate, the inventoryvalidation process 510 may confirm the integrity of the inventoryinformation that is included in the signed inventory certificate.

As described, the signed inventory certificate may also includevalidation schemas that may be used to identify some or all of thehardware inventory of an IHS, where the validation schema may specifycharacteristics by which particular hardware components may beidentified and may also specify procedures by which to identify thecomponents. At block 633 and at 543, these validation schemas aredetermined from the signed inventory certificate. In some embodiments,validation schemas may be specified within an inventory certificate asinstructions that may be utilized directly by the validation process toidentify hardware components of the IHS. In other instances, validationschemas may be specified in an inventory certificate as information thatidentifies a hardware component and that is combined by the validationprocesses with hardware identification templates in order to generatehardware identification scripts that may then be used to identify thehardware component of an IHS.

Upon determining the validation schemas to be used for componentidentification, the inventory certificate validation process 510 maycommence collecting an inventory of the detected hardware components ofthe IHS. In some instances, this collection of inventory information maybe initiated earlier by the inventory certificate validation process,such as during initialization of the IHS. At block 635 and as indicatedat 550, the inventory certificate validation process 510 may query theBIOS 515 of the IHS for an inventory of hardware components that havebeen detected by BIOS 515. In some embodiments, validation schemas maybe utilized to determine the identifying information that is collectedfor each of the hardware components that are detected by BIOS 515. Insome embodiments, validation schemas may specify whether a component maybe identified based on BIOS 515 information, or whether additional ordifferent identification information is required for identification of aparticular component.

At block 640 and as indicated at 555, the inventory certificatevalidation process 510 may retrieve additional hardware inventoryinformation from a Trusted Platform Module (TPM) 520 of the IHS. In someinstances, the TPM 520 may identify hardware components that are alsoidentified by BIOS 515. However, in some instances, the TPM 520 mayidentify certain hardware components, such as secure memory modules,that are not identified by BIOS 515. In some embodiments, validationschemas may be utilized to determine the identifying information that iscollected for each of the hardware components that are detected by TPM520. In some embodiments, validation schemas may specify whether acomponent may be identified based on TPM 520 information or whetheradditional or different identification information is required foridentification of a particular component.

As described with regard to FIG. 2, a Trusted Platform Module may serveto establish an initial hardware root of trust in an IHS such that thehardware components within this root of trust operate using validatedsoftware instructions. Accordingly, in some embodiments, the inventorycertificate validation process 510 may compare identity information forthe detected TPM 520 against the TPM identity information that is parsedfrom the inventory certificate at block 545. In some embodiments, suchcomparisons may be conducted based on validation schemas that specifyinformation that may be used to identify a TPM and that may also specifyprocedures for determining whether the identified TPM is the same TPMthat is listed in the signed inventory certificate. In some instances,the detection of any discrepancies between the identity of the TPMspecified in the inventory certificate and the identity reported by TPM520 may result in terminating any further validation procedures.

At block 645 and as indicated at 560, the inventory certificatevalidation process 510 may retrieve additional hardware inventoryinformation from a remote access controller 525 of the IHS. In someembodiments, validation schemas may be utilized to determine theidentifying information that is collected for each of the hardwarecomponents detected by remote access controller 525. In someembodiments, validation schemas may specify requirements regardingwhether a component may be identified based on remote access controller525 information, or whether additional or different identification isrequired for identification of a particular component. As with TPM 520,remote access controller 525 may provide redundant identification ofsome hardware components and may provide exclusive identification ofother hardware components, such as internal memories, managementcontrollers or logic units utilized by the remote access controller 525.Also as with TPM 520, in some embodiments, the inventory certificatevalidation process 510 may compare identity information for the detectedremote access controller 525 against the remote access controlleridentity information that is parsed from the inventory certificate atblock 545. In some embodiments, such comparisons may be conducted basedon validation schemas that specify information that may be used toidentify a remote access controller 525, and that may specify proceduresfor determining whether the identified remote access controller is thesame remote access controller that is listed in the signed inventorycertificate. In some instances, the detection of any discrepanciesbetween the identity of the remote access controller specified ininventory certificate and the identity reported by remote accesscontroller 525 may also result in terminating any further validationprocedures.

At block 650 and as indicated at 565, the inventory certificatevalidation process 510 retrieves any additional inventory informationfrom any other data sources, such as directly from the processor of theIHS or from a chassis management controller of a chassis in which theIHS has been installed. In some embodiments, validation schemas may beutilized to determine the additional identifying information that iscollected. Upon completion of the collection of the detected hardwarecomponents of the initialized IHS, at block 570, the inventorycertificate validation process compares the collected inventoryinformation against the inventory information that is parsed from thesigned inventory certificate, in some cases based on requirements setforth by the validation schemas. Accordingly, at block 655, theinventory certificate validation process may confirm the identity of thedetected TPM against the identity of the TPM reported in the signedinventory certificate, in some cases based on requirements set forth bythe validation schemas. If the identity of the TPM is successfullyvalidated, validation may continue at block 660. However, if theidentity of the TPM is not validated, at block 680, the inventorycertificate validation process may signal a core inventory validationfailure since any discrepancies between the identity of the factoryinstalled TPM and the TPM that has been detected in the initialized IHSsignals a potential compromise in the root of trusted hardwarecomponents of the IHS.

At block 660, the inventory certificate validation process may confirmthe identity of the detected remote access controller against theidentity of the remote access controller reported in the signedinventory certificate, in some cases based on requirements set forth bythe validation schemas. If the remote access controller is successfullyvalidated, validation may continue at block 665. Otherwise, if theidentity of the remote access controller is not validated, at block 680,the inventory certificate validation process may signal a core inventoryvalidation failure. As with the TPM, any discrepancies between theidentity of the factory installed remote access controller and theremote access controller detected in the initialized IHS signals apotential compromise of the root of trust of the IHS.

At block 665, the inventory certificate validation process continues thecomparison of the detected hardware components of the initialized IHSagainst the identities of the factory installed hardware components thatare included in the signed inventory certificate. Such comparisons maybe conducted based on requirements set forth in the validation schemas.If the unique identifiers of the detected hardware components of theinitialized IHS meet the requirements from the validation schemas suchthat the detected components are deemed to be same components specifiedin the signed inventory certificate, at block 670, the inventorycertificate validation process signals a successful validation of thedetected hardware of the IHS. In some embodiments, the validationschemas set forth requirements for identifying individual hardwarecomponents of an IHS, such as a validation schema that identifies thespecific MAC address of a network controller and that may furtherspecify the specific queries to the network controller, BIOS or remoteaccess controller that are to be used in determining the identity of adetected network controller. In some embodiments, validation schema mayspecify more than one unique identifier that is required to validate acomponent. For instance, a validation schema may specify both a serialnumber and a MAC address that are required for validation of acomponent. In some embodiments, the validation schema may also set forthrequirements for validating groups of hardware components, thusspecifying a collective identification of multiple components. Forexample, a validation schema may specify identifiers for a remote accesscontroller and for a TPM that both must be identified within thedetected hardware components or a core validation failure will betriggered. In this manner, the validation schemas may be used to specifycollections of components that form roots of trust and that must becollectively validated together, or a core validation failure may betriggered. Using such capabilities provided by validation schemas, acustomer receiving delivery of the IHS is thus assured that the IHS isoperating using only hardware components that were installed at thefactory during manufacture of the IHS or hardware components suppliedfor installation in the IHS by a trusted entity and that the proceduresutilized to identify the hardware components of an IHS are provided by atrusted entity and have not been compromised.

If any discrepancies are detected between the detected hardwarecomponents of the initialized IHS and the hardware components reportedin the signed inventory certificate, at block 675, a partial validationof the hardware inventory of the IHS may be reported. In some instances,such discrepancies may result from failure to detect hardware componentsthat are specified in the signed inventory certificate. In someinstances, such discrepancies may result from mismatched identityinformation between the detected hardware components and the componentslisted in the signed inventory certificate, such as discrepancies in theserial numbers or other unique identifiers associated with a hardwarecomponent. In other instances, such discrepancies may result from thedetection of hardware components that are not present in the signedinventory certificate. In all cases, any such discrepancies may bereported, thus allowing an administrator to investigate further.

It should be understood that various operations described herein may beimplemented in software executed by logic or processing circuitry,hardware, or a combination thereof. The order in which each operation ofa given method is performed may be changed, and various operations maybe added, reordered, combined, omitted, modified, etc. It is intendedthat the invention(s) described herein embrace all such modificationsand changes and, accordingly, the above description should be regardedin an illustrative rather than a restrictive sense.

Although the invention(s) is/are described herein with reference tospecific embodiments, various modifications and changes can be madewithout departing from the scope of the present invention(s), as setforth in the claims below. Accordingly, the specification and figuresare to be regarded in an illustrative rather than a restrictive sense,and all such modifications are intended to be included within the scopeof the present invention(s). Any benefits, advantages, or solutions toproblems that are described herein with regard to specific embodimentsare not intended to be construed as a critical, required, or essentialfeature or element of any or all the claims.

Unless stated otherwise, terms such as “first” and “second” are used toarbitrarily distinguish between the elements such terms describe. Thus,these terms are not necessarily intended to indicate temporal or otherprioritization of such elements. The terms “coupled” or “operablycoupled” are defined as connected, although not necessarily directly,and not necessarily mechanically. The terms “a” and “an” are defined asone or more unless stated otherwise. The terms “comprise” (and any formof comprise, such as “comprises” and “comprising”), “have” (and any formof have, such as “has” and “having”), “include” (and any form ofinclude, such as “includes” and “including”) and “contain” (and any formof contain, such as “contains” and “containing”) are open-ended linkingverbs. As a result, a system, device, or apparatus that “comprises,”“has,” “includes” or “contains” one or more elements possesses those oneor more elements but is not limited to possessing only those one or moreelements. Similarly, a method or process that “comprises,” “has,”“includes” or “contains” one or more operations possesses those one ormore operations but is not limited to possessing only those one or moreoperations.

The invention claimed is:
 1. A method for validating secure assembly ofan IHS (Information Handling System), the method comprising: retrievingan inventory certificate uploaded to the IHS during factory provisioningof the IHS, wherein the inventory certificate includes an inventoryidentifying a plurality of factory installed hardware components of theIHS, and wherein the inventory certificate further includes a pluralityof validation schemas that comprise instructions for identifying thefactory installed hardware components; collecting an inventory ofdetected hardware components of the IHS, wherein the inventory iscollected based on identifications made using the instructions specifiedby the validation schemas included in the inventory certificate; andcomparing the collected inventory against the inventory from theinventory certificate in order to validate the detected hardwarecomponents of the IHS as the same hardware components installed duringfactory assembly of the IHS.
 2. The method of claim 1, wherein thecomparisons are conducted based on the instructions specified by thevalidation schemas included in the inventory certificate.
 3. The methodof claim 1, wherein the instructions of the validation schemas specifyunique identifiers for use in the identifications of the factoryinstalled hardware components.
 4. The method of claim 1, wherein theinstructions of the validation schemas specify requirements for use inthe identifications of the factory installed hardware components.
 5. Themethod of claim 1, wherein the inventory certificate is uploaded to apersistent memory of the IHS during the factory provisioning of the IHS.6. The method of claim 1, wherein the validation schemas are generatedfor each of the factory installed hardware components during the factoryprovisioning of the IHS.
 7. The method of claim 1, wherein thevalidation process confirms an integrity of the validation schemas priorto using the schemas in collecting an inventory of detected hardwarecomponents.
 8. The method of claim 7, wherein the integrity of thevalidation schemas is confirmed based on digital signatures generated bythe IHS during the factory provisioning of the IHS.
 9. The method ofclaim 4, wherein the instructions of the validation schemas specifyunique identifiers for a combination of two or more hardware componentsthat are collectively required for validation of the secure assembly ofthe IHS.
 10. An IHS (Information Handling System) comprising: aplurality of hardware components, wherein during factory provisioning ofthe IHS an inventory certificate is uploaded to the IHS that includes aninventory of the factory installed hardware components of the IHS andfurther includes a plurality of validation schemas that compriseinstructions for identifying the factory installed hardware componentsof the IHS, and wherein the hardware components comprise: one or moreprocessors; and one or more memory devices coupled to the processors,the memory devices storing computer-readable instructions that, uponexecution by the processors, cause a validation process of the IHS to:collect an inventory of the plurality of hardware components using theinstructions specified by the validation schemas included in theinventory certificate; and compare the collected inventory against theinventory from the inventory certificate in order to validate theplurality of hardware components of the IHS as the same hardwarecomponents installed during factory assembly of the IHS.
 11. The IHS ofclaim 10, wherein the comparisons are conducted based on theinstructions specified by the validation schemas included in theinventory certificate.
 12. The IHS of claim 10, wherein the instructionsof the validation schemas specify unique identifiers for use in theidentifications of the factory installed hardware components.
 13. TheIHS of claim 10, wherein the instructions of the validation schemasspecify requirements for use in the identifications of the factoryinstalled hardware components.
 14. The IHS of claim 10, wherein theinventory certificate is uploaded to a persistent memory of the IHSduring the factory provisioning of the IHS.
 15. The IHS of claim 10,wherein the validation schemas are generated for each of the factoryinstalled hardware components during the factory provisioning of theIHS.
 16. A computer-readable storage device having instructions storedthereon for validating secure assembly of an IHS (Information HandlingSystem), wherein execution of the instructions by one or more processorsof the IHS causes a validation process of the IHS to: retrieve aninventory certificate uploaded to the IHS during factory provisioning ofthe IHS, and wherein the inventory certificate includes an inventory offactory installed hardware components of the IHS and further includesvalidation schemas that comprise instructions for identifying thefactory installed hardware components; collect an inventory of detectedhardware components of the IHS based on the instructions specified bythe validation schemas; and compare the inventory of detected hardwarecomponents against the inventory from the inventory certificate in orderto validate the plurality of detected hardware components of the IHS asthe same hardware components installed during factory assembly of theIHS.
 17. The storage device of claim 16, wherein the comparisons areconducted based on the instructions specified by the validation schemasincluded in the inventory certificate.
 18. The storage device of claim16, wherein the instructions of the validation schemas specify uniqueidentifiers for use in the identifications of the factory installedhardware components.
 19. The storage device of claim 16, wherein theinstructions of the validation schemas specify requirements for use inthe identifications of the factory installed hardware components. 20.The storage device of claim 16, wherein the validation process comprisesa pre-boot process of the IHS.